1.28.2
Solo build of Istio version 1.28.2 patch release.
This release note describes what’s different between Solo builds of Istio versions 1.28.1-patch0 and 1.28.2.
Security Notice
This build includes a fix of a CVE in the c-ares dependency of Envoy:
- CVE-2025-62408 (CVSS score 5.9, Medium): Use after free due to connection being cleaned up after error.
General Changes
- Built against upstream Istio commit 5ee02944487b3047e7a637309829834ae36b186b.
Solo Flavor Changes
- Improved istioctl command help descriptions and examples with clearer guidance for bootstrap, ecs service-add, and multicluster check, expose, and link commands.
- Added a mesh-wide escape hatch based on port matching for outbound traffic being impacted by ztunnel capture. Configure via the AMBIENT_EXCLUDE_OUTBOUND_PORTS environment variable (e.g., AMBIENT_EXCLUDE_OUTBOUND_PORTS="1443,16000-16010").
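An added example (not Solo or Istio code): a pre-rollout check that parses an AMBIENT_EXCLUDE_OUTBOUND_PORTS value and reports which ports you expect to stay under ztunnel capture would be excluded by it. It assumes the syntax is comma-separated ports and inclusive ranges, as in the example value above; the function names and the protected-port list are hypothetical.

```python
"""Audit an AMBIENT_EXCLUDE_OUTBOUND_PORTS value before rollout (added example)."""

# Assumption: the value is a comma-separated list of single ports and
# inclusive "low-high" ranges, as in the release note's example value.


def parse_excluded_ports(value):
    """Return a sorted list of merged, inclusive (low, high) port ranges."""
    ranges = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty entry in port list")
        low, sep, high = item.partition("-")
        if not low.isdigit() or (sep and not high.isdigit()):
            raise ValueError(f"not a port or range: {item!r}")
        lo, hi = int(low), int(high) if sep else int(low)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"out of range or reversed: {item!r}")
        ranges.append((lo, hi))
    ranges.sort()
    merged = [ranges[0]]
    for lo, hi in ranges[1:]:
        if lo <= merged[-1][1] + 1:  # overlapping or adjacent ranges
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def excluded_protected_ports(value, protected_ports):
    """Ports from protected_ports that the value would exclude from capture."""
    ranges = parse_excluded_ports(value)
    return sorted(p for p in set(protected_ports)
                  if any(lo <= p <= hi for lo, hi in ranges))


if __name__ == "__main__":
    # Constructed sample: the value from the release note and a hypothetical
    # list of ports this team expects to stay under ztunnel capture.
    value = "1443,16000-16010"
    protected = [443, 5432, 16005]
    print("excluded ranges:", parse_excluded_ports(value))
    hits = excluded_protected_ports(value, protected)
    print("protected ports that would bypass capture:", hits)
```

A non-empty result from excluded_protected_ports is a reason to narrow the exclusion before it is applied mesh-wide.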
FIPS Flavor Changes
No changes in this section.